The volume, variety and value of data generated by Internet of Things (IoT) devices are expected to increase significantly in foreseeable future, hence, reinforcing the importance of secure and efficient access control solutions for these devices and their networks. However, existing access control solutions are not generally lightweight or scalable, particularly for geographically disperse, inexpensive resource constrained IoT devices. To tackle above challenges, we propose a lightweight consortium blockchain based architecture to enable intelligent autonomous access control for IoT devices. In our architecture, intelligent blockchain facilitates the storing of access policies, provision of authentication services for data access control, and trust evaluation for access request nodes through token accumulation mechanism. Specifically, the user's access request is approved only after it is confirmed by the blockchain network. To ensure the reliability of authenticity, a compromised resistant consensus algorithm is adapted and implemented to defend against at most $1/3$ compromised authenticators. In addition, a cross-domain and flexible access control model is not only used to support data sharing among various users but can also be used for access control for exceptional blockchain situations. We explain how our system meets our design goals of reliability, availability, confidentiality, integrity, lightweight, security and scalability. In addition, we also analyze the proposed system's performance from computational, storage and network overheads (e.g., running cryptographic algorithms on a Raspberry Pi 4B), and the findings suggest that the time to run typical cryptographic algorithms is in the microsecond range.

中文翻译：

---

一种基于区块链的物联网跨域自主访问控制方案

物联网 (IoT) 设备生成的数据的数量、种类和价值预计在可预见的未来将显着增加，因此，加强对这些设备及其网络的安全和高效访问控制解决方案的重要性。然而，现有的访问控制解决方案通常不是轻量级或可扩展的，特别是对于地理分散、廉价的资源受限的物联网设备。为了应对上述挑战，我们提出了一种基于轻量级联盟区块链的架构，以实现物联网设备的智能自主访问控制。在我们的架构中，智能区块链通过令牌累积机制促进了访问策略的存储、数据访问控制的认证服务的提供以及访问请求节点的信任评估。具体来说，只有在区块链网络确认后，用户的访问请求才会被批准。为了确保真实性的可靠性，采用并实施了一种折衷抵抗共识算法，以抵御最多$1/3$受损的验证器。此外，跨域、灵活的访问控制模型不仅可以支持不同用户之间的数据共享，还可以用于区块链异常情况下的访问控制。我们解释了我们的系统如何满足我们的可靠性、可用性、机密性、完整性、轻量级、安全性和可扩展性的设计目标。此外，我们还从计算、存储和网络开销（例如，在 Raspberry Pi 4B 上运行加密算法）分析了所提出系统的性能，结果表明运行典型加密算法的时间在微秒范围内。